https://www.elastic.co/docs/reference/ecs/ecs-category-field-values-reference
ECS categorization fields | Elastic Common Schema (ECS)
At a high level, ECS provides fields to classify events in two different ways:
https://www.elastic.co/docs/reference/ecs/ecs-allowed-values-event-category
ECS categorization field: event.category | Elastic Common Schema (ECS)
This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. event.category represents the
https://www.elastic.co/docs/reference/ecs/ecs-allowed-values-event-type
ECS categorization field: event.type | Elastic Common Schema (ECS)
This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. event.type represents a categorization
https://www.elastic.co/docs/reference/ecs/ecs-using-categorization-fields
Using the categorization fields | Elastic Common Schema (ECS)
The event categorization fields work together to identify and group similar events from multiple data sources. These general principles can help guide...